Configure user permissions
ADCM role model is designed for configuring user permissions via policies. As a result of a policy being applied the user has access only to the actions and ADCM objects that are included in that policy.
The ADCM offers a few ready-made user roles (sets of rules). You also can create your own roles to get the most suitable roles for your tasks.
Below are examples of configuring user permissions with the help of created policies.
Configure cluster administrator permissions
Let there exist two ADCM clusters named ADH
and ADH Prod
, and an ADCM user named user
,
who belongs to the group 1
group and is not an administrator of any cluster.
To create a policy that allows user
to obtain cluster administrator permissions for the ADH
cluster, do the following:
-
Enter the policy name —
user ADH
. -
Select the
Cluster Administrator
role and thegroup 1
group.The first step of creating a policy for the user -
Select the
ADH
cluster.The second step of creating a policy for the user -
Apply the policy by clicking Create.
After the policy is applied, user
is able to see only the ADH
cluster on the Clusters page. The user
also has the cluster administrator permissions for the ADH
cluster.

Let there exist an ADCM user named another_user
, who belongs to the group 2
group and is not an administrator of any cluster. Make that user the ADH Prod
cluster administrator via the actions similar to the actions above.
After the policy is applied, another_user
is able to see only the ADH Prod
cluster on the Clusters page. another_user
also has the cluster administrator permissions for the ADH Prod
cluster.

The ADCM administrator is able to view all clusters in the system.

Configure service administrator permissions
Let there exist an ADCM cluster named ADH Prod
that has the HDFS
service among others. Also let there exist an ADCM user named user
, who belongs to the group 1
group and is not an administrator of any service. To create a policy that allows user
to obtain service administrator permissions for the HDFS
service in the ADH Prod
cluster, do the following:
-
Enter the policy name —
user ADH Prod HDFS
. -
Select the
Service Administrator
role and thegroup 1
group.The first step of creating a policy for the user -
Select the
HDFS
service in theADH Prod
cluster.The second step of creating a policy for the user -
Apply the policy by clicking Create.
After the policy is applied, user
is able to see only the HDFS
service on the Services tab of the ADH Prod
cluster page. user
also has the service administrator permissions for the HDFS
service.

The ADCM administrator is able to view all services of the ADH Prod
cluster.

Configure read-only permissions
The ADCM User
role allows the user to view ADCM objects along with their configurations and components, yet does not allow the user to make any edits. This mode is, in fact, a read-only mode. The ADCM User
role is available when creating policies likewise in the same way as above.